How to tunnel internet traffic over VPN Tunnel Interface

Hello Community,

I have a small network consisting of one TZ670 at a datacenter/hub and 3 branch offices: two with a TZ400 and the third a Cisco ASA. All gateways are .1.

  • Hub - TZ670 - 10.10.10.0/24
  • Branch A - TZ400 - 10.10.20.0/24
  • Branch B - TZ400 - 10.10.30.0/24
  • Branch C - Cisco ASA - 172.16.0.0/24

I recently changed the site-to-site VPNs between Branches A and B to the Hub to tunnel interfaces. Branch C has to remain a site-to-site.

  • Branch A - tunnel interface - Hub
  • Branch B - tunnel interface - Hub
  • Branch C - site-to-site - Hub

Routes

  1. Default tunnel routes were added on Branch A, B and Hub
  2. Routes added for Branch A to get to Branch B through Hub
  3. Routes added for Branch B to get to Branch A through Hub

How can I:

  1. Route all internet traffic from Branches A and B through the Hub and maintain branch to branch traffic.
  2. Exclude Office 365 traffic from the route all traffic.
  3. Allow Branch C to communicate with Branches A and B through the Hub and vice versa.

Note: All SonicWall firewalls are running the latest firmware.

Answers

  • GMPGMP Newbie ✭

    Are you running OSPF? I found that OSPF handshakes ride the tunnel from remote sites to the primary SonicWall. Since the primary SonicWall is set to inject the default route, this route carries the traffic back to the primary.

    Make sure that the automatic configuration of the small SonicWall did not also create a default route to the ISP via X1.
